Expert Advice Community

Guest

How to exclude information in the definition of scope?

  Quote
Guest
Guest user Created:   Dec 21, 2020 Last commented:   Dec 21, 2020

How to exclude information in the definition of scope?

We have purchased your „ISO 27001 Power Toolkit" and would need support. We, ***, offer our customers a SaaS solution. We are currently preparing for TISAX certification and are in the process of setting up the ISMS. TISAX is largely based on ISO 27001.

Here is my question about the scope to be determined:

Our headquarters are in the ***  with branches in various countries among others in ***. Only the branch based in *** should be certified and defined in the scope. The design and maintenance of the IaaS and SaaS is specified and executed by the *** headquarters, Therefore we want to treat this area (hosting) and thus its service lines as a supplier. The problem is that employees in our IT department in the *** branch take on maintenance and administrative tasks for the EMEA area of hosting. How can this be excluded in the definition of the scope?

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Dec 21, 2020

I assume your question is how to exclude maintenance and administrative tasks for the EMEA area of hosting from your scope. 

First you have to consider if this exclusion is feasible or not - if the people who work on mentioned tasks within your branch cannot be logically and/or physically separated from the rest of your branch office, then it would be better if they remain in the scope. 

If it is feasible to exclude the activities you mentioned from the scope, then you have to define in your ISMS Scope document which activities are, and which are not included in your scope. Together with the toolkit you purchased you have the access to the video tutorial that explains how to fill out the ISMS Scope document. 

These materials will also help you with the scope definition: 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 21, 2020

Dec 21, 2020

Suggested Topics